Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT_UNPATCHED-LIBXSLT-RHEL5.NASL
HistoryMay 11, 2024 - 12:00 a.m.

RHEL 5 : libxslt (Unpatched Vulnerability)

2024-05-1100:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
8
rhel 5
libxslt
unpatched vulnerability
remote attackers
arbitrary code
denial of service
uninitialized data

9.5 High

AI Score

Confidence

High

0.047 Low

EPSS

Percentile

92.7%

JSON

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.

  • libxslt: Heap overread due to an empty decimal-separator (CVE-2016-4738)

  • libxslt: xsltCheckRead and xsltCheckWrite routines security bypass by crafted URL (CVE-2019-11068)

  • libxslt, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. (CVE-2016-1841)

  • libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612. (CVE-2016-4607)

  • libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612. (CVE-2016-4608)

  • libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4610, and CVE-2016-4612. (CVE-2016-4609)

  • libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, and CVE-2016-4612. (CVE-2016-4610)

  • In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character. (CVE-2019-13117)

  • In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data. (CVE-2019-13118)

  • In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn’t reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed. (CVE-2019-18197)

Note that Nessus has not tested for these issues but has instead relied on the package manager’s report that the package is installed.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory libxslt. The text
# itself is copyright (C) Red Hat, Inc.
##

include('compat.inc');

if (description)
{
  script_id(196414);
  script_version("1.0");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/11");

  script_cve_id(
    "CVE-2016-1841",
    "CVE-2016-4607",
    "CVE-2016-4608",
    "CVE-2016-4609",
    "CVE-2016-4610",
    "CVE-2016-4738",
    "CVE-2019-11068",
    "CVE-2019-13117",
    "CVE-2019-13118",
    "CVE-2019-18197"
  );

  script_name(english:"RHEL 5 : libxslt (Unpatched Vulnerability)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat 5 host is affected by multiple vulnerabilities that will not be patched.");
  script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple
vulnerabilities that have been acknowledged by the vendor but will not be patched.

  - libxslt: Heap overread due to an empty decimal-separator (CVE-2016-4738)

  - libxslt: xsltCheckRead and xsltCheckWrite routines security bypass by crafted URL (CVE-2019-11068)

  - libxslt, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before
    2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption)
    via a crafted web site. (CVE-2016-1841)

  - libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before
    5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of
    service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different
    vulnerability than CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612. (CVE-2016-4607)

  - libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before
    5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of
    service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different
    vulnerability than CVE-2016-4607, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612. (CVE-2016-4608)

  - libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before
    5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of
    service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different
    vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4610, and CVE-2016-4612. (CVE-2016-4609)

  - libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before
    5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of
    service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different
    vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, and CVE-2016-4612. (CVE-2016-4610)

  - In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized
    read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack
    contains the characters A, a, I, i, or 0, or any other character. (CVE-2019-13117)

  - In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too
    narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to
    a read of uninitialized stack data. (CVE-2019-13118)

  - In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain
    circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds
    check could fail and memory outside a buffer could be written to, or uninitialized data could be
    disclosed. (CVE-2019-18197)

Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package
is installed.");
  script_set_attribute(attribute:"solution", value:
"The vendor has acknowledged the vulnerabilities but no solution has been provided. Refer to the vendor for remediation
guidance.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-4738");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2019-11068");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/05/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/05/11");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libxslt");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Red Hat Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm.inc');
include('rhel.inc');

if (!get_kb_item("global_settings/vendor_unpatched"))
exit(0, "Unpatched Vulnerabilities Detection not active.");

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '5')) audit(AUDIT_OS_NOT, 'Red Hat 5.x', 'Red Hat ' + os_ver);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);

var constraints = [
  {
    'pkgs': [
      {'reference':'libxslt', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'libxslt'}
    ]
  }
];


var flag = 0;
foreach var constraint_array ( constraints ) {
  var repo_relative_urls = NULL;
  var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);
  foreach var pkg ( constraint_array['pkgs'] ) {
    var unpatched_pkg = NULL;
    var _release = NULL;
    var sp = NULL;
    var el_string = NULL;
    var rpm_spec_vers_cmp = NULL;
    var exists_check = NULL;
    var cves = NULL;
    if (!empty_or_null(pkg['unpatched_pkg'])) unpatched_pkg = pkg['unpatched_pkg'];
    if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (unpatched_pkg &&
        _release &&
        (!exists_check || rpm_exists(release:_release, rpm:exists_check)) &&
        unpatched_package_exists(release:_release, package:unpatched_pkg, cves: cves)) flag++;
  }
}

if (flag)
{
  var extra = NULL;
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : unpatched_packages_report()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libxslt');
}
VendorProductVersionCPE
redhatenterprise_linux5cpe:/o:redhat:enterprise_linux:5
redhatenterprise_linux6cpe:/o:redhat:enterprise_linux:6
redhatenterprise_linux7cpe:/o:redhat:enterprise_linux:7
redhatenterprise_linuxlibxsltp-cpe:/a:redhat:enterprise_linux:libxslt

Related

nessus 56
nvd 9
cve 8
ubuntucve 7
redhatcve 7
prion 9
cvelist 9
debiancve 6
fedora 6
openvas 40
debian 6
osv 4
suse 3
cloudfoundry 1
mageia 2
ubuntu 2
rubygems 1
amazon 4
ibm 1
almalinux 1
rosalinux 1
redhat 2
oraclelinux 2
f5 2
github 2
alpinelinux 4
veracode 2
symantec 2
nessus
nessus
RHEL 6 : libxslt (Unpatched Vulnerability)
2024-05-11 00:00:00
Fedora 30 : mingw-libxslt (2019-320d5295fc)
2019-06-19 00:00:00
EulerOS 2.0 SP2 : libxslt (EulerOS-SA-2019-2519)
2019-12-04 00:00:00
nvd
nvd
CVE-2016-4610
2016-07-22 02:59:34
CVE-2016-4609
2016-07-22 02:59:32
CVE-2016-4608
2016-07-22 02:59:31
cve
cve
CVE-2016-4608
2016-07-22 02:59:31
CVE-2016-4609
2016-07-22 02:59:32
CVE-2016-4610
2016-07-22 02:59:34
ubuntucve
ubuntucve
CVE-2016-4610
2016-07-22 00:00:00
CVE-2016-4608
2016-07-22 00:00:00
CVE-2016-4607
2016-07-22 00:00:00
redhatcve
redhatcve
CVE-2016-4609
2019-05-29 10:53:16
CVE-2016-4610
2019-05-29 10:51:20
CVE-2016-4607
2019-05-29 10:50:38
prion
prion
Memory corruption
2016-07-22 02:59:00
Memory corruption
2016-07-22 02:59:00
Memory corruption
2016-07-22 02:59:00
cvelist
cvelist
CVE-2016-4610
2016-07-22 01:00:00
CVE-2016-4609
2016-07-22 01:00:00
CVE-2016-4607
2016-07-22 01:00:00
debiancve
debiancve
CVE-2016-4608
2016-07-22 02:59:31
CVE-2016-4609
2016-07-22 02:59:32
CVE-2016-4610
2016-07-22 02:59:34
fedora
fedora
[SECURITY] Fedora 30 Update: mingw-libxslt-1.1.33-1.fc30
2019-06-18 18:15:35
[SECURITY] Fedora 31 Update: libxslt-1.1.34-1.fc31
2020-03-18 02:23:20
[SECURITY] Fedora 31 Update: libxslt-1.1.33-4.fc31
2019-10-29 01:28:27
openvas
openvas
Fedora Update for mingw-libxslt FEDORA-2019-320d5295fc
2019-06-19 00:00:00
Huawei EulerOS: Security Advisory for libxslt (EulerOS-SA-2019-2519)
2020-01-23 00:00:00
Debian: Security Advisory (DLA-1860-1)
2019-07-23 00:00:00
debian
debian
[SECURITY] [DLA 1860-1] libxslt security update
2019-07-22 16:16:47
[SECURITY] [DSA 3709-1] libxslt security update
2016-11-08 21:41:31
[SECURITY] [DLA 1756-1] libxslt security update
2019-04-15 16:07:56
osv
osv
libxslt - security update
2019-07-22 00:00:00
libxslt Type Confusion vulnerability that affects Nokogiri
2022-05-24 16:49:07
Uninitialized read in Nokogiri gem
2022-05-24 16:49:06
suse
suse
Security update for libxslt (moderate)
2020-05-29 00:00:00
Security update for libxslt (moderate)
2019-05-22 00:00:00
Security update for libxslt (moderate)
2019-05-22 00:00:00
cloudfoundry
cloudfoundry
USN-4164-1: Libxslt vulnerabilities | Cloud Foundry
2019-11-06 00:00:00
mageia
mageia
Updated libxslt packages fix security vulnerabilities
2019-11-02 19:54:34
Updated libxslt packages fix security vulnerability
2019-05-18 15:33:10
ubuntu
ubuntu
Libxslt vulnerabilities
2019-10-22 00:00:00
Libxslt vulnerability
2019-04-15 00:00:00
rubygems
rubygems
Nokogiri gem, via libxslt, is affected by multiple vulnerabilities
2019-10-30 21:00:00
amazon
amazon
Medium: libxslt
2020-10-22 18:26:00
Medium: libxslt
2020-12-16 20:31:00
Medium: libxslt
2021-01-12 22:51:00
ibm
ibm
Security Bulletin: IBM MQ Appliance is affected by libxslt vulnerabilities (CVE-2019-11068, CVE-2019-18197)
2021-03-03 16:05:04
almalinux
almalinux
Moderate: libxslt security update
2020-11-03 12:07:14
rosalinux
rosalinux
Advisory ROSA-SA-2021-1906
2021-07-02 17:26:03
redhat
redhat
(RHSA-2020:4005) Moderate: libxslt security update
2020-09-29 07:50:58
(RHSA-2020:4464) Moderate: libxslt security update
2020-11-03 12:07:14
oraclelinux
oraclelinux
libxslt security update
2020-11-10 00:00:00
libxslt security update
2020-10-06 00:00:00
f5
f5
K96300145 : C Library (SQLite & libxslt) vulnerabilities CVE-2019-16168 CVE-2019-13117 CVE-2019-13118
2020-01-31 00:00:00
K30444545 : libxslt vulnerability CVE-2019-11068
2022-08-19 00:00:00
github
github
Uninitialized read in Nokogiri gem
2022-05-24 16:49:06
libxslt Type Confusion vulnerability that affects Nokogiri
2022-05-24 16:49:07
alpinelinux
alpinelinux
CVE-2019-13118
2019-07-01 02:15:09
CVE-2019-18197
2019-10-18 21:15:10
CVE-2019-13117
2019-07-01 02:15:09
veracode
veracode
Denial Of Service (DoS)
2019-10-23 05:35:33
Authorization Bypass
2019-04-23 03:14:13
symantec
symantec
libxslt CVE-2019-13117 Information Disclosure Vulnerability
2019-07-10 00:00:00
libxslt CVE-2019-11068 Security Bypass Vulnerability
2019-04-10 00:00:00

9.5 High

AI Score

Confidence

High

0.047 Low

EPSS

Percentile

92.7%

JSON
Related for REDHAT_UNPATCHED-LIBXSLT-RHEL5.NASL
nessus56nvd9cve8ubuntucve7redhatcve7prion9cvelist9debiancve6fedora6openvas40debian6osv4suse3cloudfoundry1mageia2ubuntu2rubygems1amazon4ibm1almalinux1rosalinux1redhat2oraclelinux2f52github2alpinelinux4veracode2symantec2